At present, mutual authentication is typically implemented between a user and a network access point over a communication network to guarantee the access of a valid user to a valid network. Entity authentication methods using an asymmetric cryptographic technique may be categorized into two kinds: unilateral authentication and mutual authentication. Particularly, uniqueness/timeliness of authentication is controlled by generating and checking time variant parameters such as time stamps, sequence numbers, or random numbers. If time stamps or sequence numbers are used as time variant parameters, the mutual authentication between entities can be completed by two pass authentication; or if random numbers are used as time variant parameters, the mutual authentication between entities can be completed by three pass authentication or two parallel authentication.
Before or during operation of the authentication mechanism, a verifier shall be provided with a valid public key of a claimant, otherwise the authentication might be endangered or fail. A three pass mutual authentication is described here as an example.
Referring to FIG. 1, the authentication system includes two authentication entities A and B. The authentication entity A transmits a token TokenAB=RA∥RB∥B|Text3∥sSA(RA∥RB∥B∥Text2) to the authentication entity B, and the authentication entity B transmits a token TokenBA=RB∥RA∥A∥Text5∥sSB(RB∥RA∥A∥Text4) to the authentication entity A, where sSX denotes a signature of an entity X, Rx denotes a random number generated by the entity X, CertX denotes a certificate of the entity X, and Text2, Text3, Text4 and Text 5 denote optional text fields, and X denotes an authentication entity distinguishing identifier, here A or B.
A process of operating the three pass authentication mechanism is described in detail below:
1) The entity B transmits a random number RB and an optional text field Text1 to the entity A;
2) The entity A transmits a token TokenAB and an optional certificate field CertA to the entity B;
3) The entity B performs the following steps upon reception of the message transmitted from the entity A:                3.1) Guaranteeing to obtain a valid public key of the entity A either by verifying the certificate of the entity A or by some other means; and        3.2) Verifying the signature of the entity A contained in the token TokenAB in the step 2), checking the correctness of the entity distinguishing identifier B, and checking that the random number RB transmitted in step 1) is consistent with the random number RB contained in the token TokenAB, so that the entity A is authenticated by the entity B;        
4) The entity B transmits the token TokenAB and an optional certificate field CertB to the entity A; and
5) The entity A performs the following steps upon reception of the message including the token TokenBA transmitted from the entity B:                5.1) Guaranteeing to obtain a valid public key for the entity B either by verifying the certificate of the entity B or by some other means; and        5.2) Verifying the signature of the entity B contained in the token TokenBA in the step 4), checking the correctness of the entity distinguishing identifier A, and checking that the random number RA transmitted in the step 2) is consistent with the random number RA contained in the token TokenBA and that the random number RB received in the step 1) is consistent with the random number RB contained in the token TokenBA, so that the entity B is authenticated by the entity A.        
As can be apparent, successful operation of the three pass authentication mechanism is guaranteed under the condition that the entity A and the entity B possess respectively the valid public keys of each other, but the protocol does not involve how to obtain the valid public keys and the validity thereof. However, this guaranteeing condition can not be satisfied in many application scenarios at present. For example, a user access control function is typically realized by the entity authentication mechanism over a communication network, and thus an access of a user to the network is prohibited before a successful operation of the authentication mechanism, and consequently it is impossible or difficult for the user to access a certificate authority and even impossible to obtain the validity of the public key of an opposite entity, i.e., a network access point, prior to the authentication.